[openpgp] public logging of e-mail certificates [was: Re: OpenPGP private certification]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 01 April 2015 18:19 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C4541A1B22 for <openpgp@ietfa.amsl.com>; Wed, 1 Apr 2015 11:19:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WsK0ks9cM3aH for <openpgp@ietfa.amsl.com>; Wed, 1 Apr 2015 11:19:06 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 7BA951A1BD7 for <openpgp@ietf.org>; Wed, 1 Apr 2015 11:19:06 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id DBF1DF984; Wed, 1 Apr 2015 14:19:04 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 6B08A20286; Wed, 1 Apr 2015 13:19:02 -0500 (CDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Phillip Hallam-Baker <phill@hallambaker.com>
In-Reply-To: <CAMm+Lwh3CiHV4L0PJFFnXdjo3prFOY=OZn5yTwW15BXQWU4RFw@mail.gmail.com>
References: <CAA7UWsUz65C0GAQo8Yf7ZOeT9BYy+NLV5pbbPg+Ok0-72ca1eA@mail.gmail.com> <1426721882.4249.72.camel@scientia.net> <5510578A.80304@iang.org> <1427140788.10191.75.camel@scientia.net> <5510B7CF.8060308@iang.org> <1427168189.10191.241.camel@scientia.net> <5511FE82.6010807@iang.org> <1427243451.10191.375.camel@scientia.net> <5512F137.80702@iang.org> <CAHBU6isgirHnx+gHP+OiHuvhzD+1OTCShCHEkhWcqEmUn9qnzQ@mail.gmail.com> <CAMm+LwiXKf1DvgbHaZoJnKdCVbak-jderv6Z8KDs9xPEbUuYQQ@mail.gmail.com> <1427343948.23692.14.camel@scientia.net> <CAMm+Lwi5bVTujuazTXw7oRty7n5RtsObEfNrJzmbtPiOb-X25g@mail.gmail.com> <m27fu3fsom.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <CAMm+LwjBuZfP4NwRCy23_d9eRtcfUiLKdyZOu+jYT72HfB0g9g@mail.gmail.com> <87vbhlt8tg.fsf@alice.fifthhorseman.net> <CAMm+Lwjo5eyCHNahqWcwUBoaevCw2s3WAeq-2=maW=JEpCFWxA@mail.gmail.com> <87ego3g3v8.fsf@alice.fifthhorseman.net> <CAMm+Lwh3CiHV4L0PJFFnXdjo3prFOY=OZn5yTwW15BXQWU4RFw@mail.gmail.com>
User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Wed, 01 Apr 2015 14:19:02 -0400
Message-ID: <87wq1vemp5.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/aavqaK9pniovdaA5Lw_FNDn2xaI>
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, Brian Sniffen <bsniffen@akamai.com>, IETF OpenPGP <openpgp@ietf.org>
Subject: [openpgp] public logging of e-mail certificates [was: Re: OpenPGP private certification]
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2015 18:19:11 -0000

On Wed 2015-04-01 13:38:27 -0400, Phillip Hallam-Baker wrote:
> On Wed, Apr 1, 2015 at 1:22 PM, Daniel Kahn Gillmor
> <dkg@fifthhorseman.net> wrote:
>> On Sat 2015-03-28 15:24:38 -0400, Phillip Hallam-Baker wrote:
>>> By that I mean fixed in time. I agree that it does not need to be
>>> public. Only the hash needs to be enrolled.
>>
>> Normal e-mail addresses are low-entropy, right?  This would suggest that
>> they're reversible in most cases without a lot of effort (e.g. consider
>> nsec3-walker, which has similar properties [0]).  How does enrolling
>> only the hash address the privacy considerations effectively?
>>
>>      --dkg
>>
>> [0] http://dnscurve.org/nsec3walker.html
>
> I was planning to enroll the hash of the keysigning which would
> include the signature at minimum.

If you log the hash of the keysigning, then how are the logs useful?
The way that you detect misissuance in a log is that you can scan the
log to see if any new certs have been issued over the identity or
identities that you are interested in monitoring.  If the only thing in
the log is the hash of the full cert, how do you know whether that cert
is one you should be concerned about or not?

           --dkg
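The trade-off argued over in this thread, modelled as an added example (not code from the thread's participants or from any OpenPGP implementation). It assumes a toy certification record with constructed e-mail addresses, key fingerprints, certifier names and signature placeholders, and it builds the same three certifications into three candidate log formats: the hash of the e-mail address, the hash of the whole keysigning, and the full record. A dictionary of plausible addresses maps the address hashes straight back to addresses, so that format buys no privacy; the keysigning-hash format can only confirm a certification the monitor already holds and never surfaces a certification it has not seen; only the full record lets a monitor for one identity flag a certification over that identity to an unexpected key.

```python
import hashlib
from dataclasses import dataclass


# Constructed toy model of an e-mail certification (not OpenPGP packet syntax):
# a certifier binds an e-mail address to a key fingerprint and signs the binding.
@dataclass(frozen=True)
class Certification:
    email: str
    key_fingerprint: str  # hypothetical fingerprint of the certified key
    certifier: str
    signature: str        # stands in for the certifier's signature bytes

    def canonical(self) -> bytes:
        return "|".join([self.email, self.key_fingerprint,
                         self.certifier, self.signature]).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The three log formats discussed in the thread.
def entry_address_hash(cert: Certification) -> str:
    return sha256_hex(cert.email.encode())


def entry_certification_hash(cert: Certification) -> str:
    return sha256_hex(cert.canonical())


def entry_full(cert: Certification) -> Certification:
    return cert


def reverse_address_hashes(log: list[str], candidates: list[str]) -> list[str]:
    """Low-entropy identities: a list of plausible addresses maps each logged
    address hash back to the address it came from."""
    table = {sha256_hex(a.encode()): a for a in candidates}
    return [table[h] for h in log if h in table]


def certification_hash_seen(log: list[str], cert: Certification) -> bool:
    """The only question a hash-of-keysigning log can answer: is this exact
    certification, which the caller must already possess, present?"""
    return entry_certification_hash(cert) in log


def monitor_for_identity(log, email: str, expected_fingerprints: set) -> list:
    """Flag every logged certification over `email` to a key the address owner
    does not expect.  Hash-only entries carry no identity, so they never match."""
    return [e for e in log
            if isinstance(e, Certification)
            and e.email == email
            and e.key_fingerprint not in expected_fingerprints]


# Constructed sample: a legitimate certification of Alice's key, an unrelated
# certification for Bob, and a misissued certification over Alice's address.
ALICE = "alice@example.org"
LEGIT = Certification(ALICE, "FP-ALICE-0001", "certifier-a", "sig-1")
BOB = Certification("bob@example.org", "FP-BOB-0002", "certifier-a", "sig-3")
ROGUE = Certification(ALICE, "FP-ATTACKER-9999", "certifier-b", "sig-2")
CERTS = [LEGIT, BOB, ROGUE]

ADDRESS_HASH_LOG = [entry_address_hash(c) for c in CERTS]
CERT_HASH_LOG = [entry_certification_hash(c) for c in CERTS]
FULL_LOG = [entry_full(c) for c in CERTS]


if __name__ == "__main__":
    candidates = ["alice@example.org", "bob@example.org", "carol@example.org"]
    expected = {"FP-ALICE-0001"}
    print("addresses recovered from the address-hash log:",
          reverse_address_hashes(ADDRESS_HASH_LOG, candidates))
    print("keysigning-hash log confirms a cert Alice already holds:",
          certification_hash_seen(CERT_HASH_LOG, LEGIT))
    print("keysigning-hash log flags for Alice's monitor:",
          monitor_for_identity(CERT_HASH_LOG, ALICE, expected))
    print("full log flags for Alice's monitor:",
          [c.key_fingerprint for c in monitor_for_identity(FULL_LOG, ALICE, expected)])
```

Run it directly and the address-hash log yields Alice's address twice and Bob's once, the keysigning-hash log returns nothing for Alice's monitor even though the rogue certification is in it, and the full log returns the `FP-ATTACKER-9999` entry.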